Tag: SSL

  • TIL: HSTS is not Pinning, Pinning is the Problematic One!

    For years I have been mistaking HSTS for HPKP 🤦. It's not! HSTS is a way to make sure your website is ONLY loaded over HTTPS. HPKP is the ancient internet standard for securing your webapps. What's pinning/HPKP? Certificate pinning, often called HTTP Public Key Pinning, is a mechanism to tell your…